Overview
- Cloudmark is primarily focused on the messaging security needs of Mailbox Providers.
- They protect 200+ million email users worldwide | 150+ Mailbox Providers.
- They have the most comprehensive threat data repository.
Definitions
Terminology used in the Partner Platform for insight into Cloudmark filtering:
- Cloudmark Identifiers - when a large number of recipients mark email as spam via the “this is spam” (TIS) button, the hashed identifying characteristics of the message (also known as “fingerprints”) can be considered spam. All future campaigns with one of these identifiers will likely be spam-filtered into the junk folder. Partner Platform surfaces problematic identifiers in the “Cloudmark Identifiers” column.
- Problem Categories - mappings provided by Return Path to help Partner Platform users make sense of the hashed Cloudmark identifier. Use categories to identify similarities between spam-filtered campaigns.
- Status - the current Cloudmark decision if the email should be spam-filtered or not
- Resolved - latest decision from Cloudmark indicates this identifier (fingerprint) is no longer a problematic campaign. Partner Platform also providers the timestamp for when this change occurred
- Unresolved - latest decision from Cloudmark indicates this identifier is still used to flag a problematic campaign
How Mailbox Providers use Cloudmark data
The 150+ Mailbox Providers that use Cloudmark filtering services can each write their own rules on how to handle Cloudmark data, but most commonly they send Cloudmark-identified problematic (fingerprinted) messages to the junk folder.
Troubleshooting
Without resolving the core problem, your client’s could quickly end up re-labeled as problematic by Cloudmark because these filters are based on real subscribers marking messages as spam. Abusing Cloudmark’s reset will make it more difficult to resolve issues in the future. The more it appears that there is unwanted content in your email, or unwanted behaviour by your MTAs, various service providers will reduce the speed and volume at which you can send to them.
- Determine if the Cloudmark issues are due to complaints (TIS votes):
- If you are seeing many Cloudmark issues for your client’s campaigns, real people are complaining about your client’s mail.
- Return Path’s Help Center has many resources to help your client through common complaints, including: Troubleshooting sharp increases in complaint rates
- Determine the commonality between campaigns that are being complained about:
- Most Mailbox Providers tie complaints to IP or Domains to calculate IP/Domain reputations. However, Cloudmark can tie complaints to a wide range of identifiers including subject, url, logo, IP, Domain and more (see full list of categories displayed in the platform). The reputation of any identifier (fingerprint) can be deemed ‘spammy’ if there are too many complaints.
- In the Message Filtering Trends section of the Partner Platform, click into a datapoint from the graph to see campaigns impacted by Cloudmark identified issues.
- Click the campaign’s details button for campaigns with low inbox placement.
- Use the Partner Platform’s “Category” and “Cloudmark Identifiers” columns to help you identify similarities between Cloudmark’s spam-filtered campaigns.
- Once you have identified similarities between problematic campaigns, consider the following:
- If the category is an attachment, clients should stop using the attachments in the problematic campaigns immediately. The attachment has likely been deemed a security issue.
- If the category is a logo, url or other non-IP category, people are complaining about messages that used that common characteristic of your message.
- Third parties - affiliates or spammers can cause your client's issues with Cloudmark
- Have you given this content (URLs, Logos, etc) to a 3rd party for sending?
- Make sure you don’t have a third party sending on your behalf that is drawing down your legitimate campaigns.
- Provide third parties with a different image or unique landing pages than ones used in your campaigns.
- Spammers use company logos and graphics to look legitimate and fool recipients into being phished.
- If you believe this is the case, clients should discontinue use of the graphic and use a different one moving forward.
- Return Path can also escalate to Cloudmark to help fix problems caused by illegitimate use of your client’s marks. Create a Return Path support ticket here.
- Mailing list - sending to people who don't want your client's mail can cause your client's issues with Cloudmark
- Use the common identifier and categories to determine if problematic campaign were sent to the same lists.
- Were these people that would have expected/wanted this email?
- Revisit sending practices: tips for improving engagement
- If the category is a domain or IP, make sure your clients are following the M3AAWG Sender Best Common Practices as forward and reverse DNS of the IP is important.
- Forward DNS
- A name MUST be chosen that clearly identifies the responsible party's domain. This would be the provider/ESP when the IP address is shared and normally the customer/advertiser in dedicated IP situations.
- Note that in the latter situation where the domain name belongs to a customer/advertiser, it is up to the administrator of the customer/advertiser's domain to implement the forward DNS.
- The name must also clearly indicate that the machine is a server, rather than a generic pool space.
- Example: "server03.espname.com", not “pool-dhcp-456.espname.com"
- Especially in shared IP situations, there may be more than one name pointing to the same IP address, but the name chosen in (1a) above MUST be considered the "primary name."
- Except in dedicated IP situations, all mail servers belonging to the ESP/advertiser for the purpose of sending email to end users must use the same name or a small number of names at the "domain registry level," and use differentiating subdomains if needed. The goal is to keep the names clearly identifiable as one entity or as several sub-entities under the main one.
- Example: Do not use espname01.com, espname02.com. Instead use server1.espname.com, server2.espname.com, etc.
- A name MUST be chosen that clearly identifies the responsible party's domain. This would be the provider/ESP when the IP address is shared and normally the customer/advertiser in dedicated IP situations.
- Reverse DNS
- The IP address of the sending server must have reverse DNS (also called PTR or IN-ADDR) configured.
- There must be only one reverse DNS name configured per IP address.
- The name must exactly match the primary name chosen as per (1a) above.
- IP reputation issues will likely need a reset once sending practices have improved. Reach out to Return Path Support for help resetting reputation.
- Pay close attention to your 4xx and 5xx errors
- Forward DNS
- If the category is “Multiple Issues”, this means that many components in the campaign were spammy. Use the tips above to troubleshoot this category or reach out to Return Path Support.
- Mitigating future Cloudmark issues
- Get Certified
- Return Path’s Certification offers preferential treatment at Cloudmark and identifies Cloudmark spam traps at a domain/IP level
- Certification also provides Signal Spam complaints, and several Cloudmark mailbox providers share complaint data with Signal Spam
- Subscribe to the Universal Feedback Loop.
- Cloudmark doesn't offer a feedback loop, but several mailbox providers that use Cloudmark offer FBLs. Subscribing to the UFBL will ensure you are notified of these complaints so that you can remove recipients complaining about your mail.
- Continue to follow best practices and take action to address and reduce the complaints.
- Get Certified
You should follow the Troubleshooting tips outlined below to fix your client’s issues with Cloudmark. After following the recommendations, if you are still unable to fix the issue, you may need to work with Return Path’s support team to reset the reputation of the sender at Cloudmark.
Reach out to Return Path Support here for more help.